“Commercial off-the-shelf technology is a fundamental component within the network world. And, the infrastructure across which we operate, for the most part, belongs to the private sector—some put the numbers between 70 and 80 percent,” says Richard C. Schaeffer, NSA’s information assurance director. The Cryptographic Modernization initiative “is about us trying to conduct the operations of business—whether that’s military, intelligence or just the business of government—across a network that was never designed with the levels of assurance that those businesses demand.”

Charged with creating the CM road map in 2000, NSA in February 2001 unveiled a multibillion-dollar, multiyear undertaking to transform cryptographic security capabilities for national security. The program already deals with the most mission-critical and least public cryptographic applications and now focuses on modernizing legacy algorithms and systems, Schaeffer says.

This includes swapping more than 1.3 million cryptographic devices over the next 10 to 15 years and adding countless new devices, mostly small and mobile. So the lions’ share of new encryption will turn on more modular, less cumbersome elliptic-curve keys that agencies can upgrade easily as algorithms improve and needs change.

Future’s Open
“The thing about elliptic-curve cryptography is that it’s all open-source. Everyone in the world has had a chance to bang on these [elliptic-curve] algorithms and make them more secure,” says John Pescatore, vice president of security research at Gartner Inc. of Stamford, Conn. “This is a major change from the way crypto algorithms were handled in the past, which were all done in house and in secret.”

Certicom Inc., a cryptography vendor in Ottawa with more than 130 elliptic-curve patents, has licensed to NSA rights on 26 curve algorithms that the agency will further develop in-house and with defense contractors. The patents, which support development of nine of the 15 elliptic curves standardized by the National Institute of Standards and Technology, specifically support national security uses certified under FIPS-140-2 or approved by NSA.

Because of its smaller encryption keys and easier key manageability than that of today’s RSA and Diffie-Hellman algorithms, elliptic-curve encryption is particularly applicable where communications channels are restricted and where small devices are running the applications, experts say.

In this way, smaller apps offer the degree of flexibility the government is seeking for modern cryptography development, starting first with its communications, and then for its data needs, says Chris Fedde, senior vice president and general manager of SafeNet Inc. of Belcamp, Md.

SafeNet is halfway through a $150 million contract to provide the government with KIV-7M Link Encryptors for ship, plane and other satellite and wireless communications security. In March, these encryptors became the first certified by NSA under the CM program.

“The beauty of crypto modernization is we now have the ability to do high-end security with technology that’s re-programmable at the chip level,” Fedde says. “This reduces development costs dramatically because you don’t have to swap out equipment every 10 years to reprogram and update as new crypto cycles through.”

Because of the variety of applications and channel conditions communications and data must run over, current crypto applications need to be light on their feet. Primarily, the coming crypto schemes must be manageable under changing conditions, easily upgradable, certifiable and allow interoperability internally and with allies, such as Canada and the United Kingdom, which are also standardizing on elliptic curves for key management, Schaeffer says.

“The CM effort provides guidance and oversight for all high-assurance cyryptography, monitoring algorithms and systems throughout their entire lifecycle,” hs says. “The level of effort may be reduced once the immediate crypto issues are resolved and a better process of implementing cryptography through its lifecycle is in place.”

Steep Curve
Of all of NSA’s CM mandates, interoperability in changing conditions is by far the most difficult to achieve, says Peiter “Mudge” Zatko, division scientist and technical

Randall Scott
From the perspective of NSA’s Richard C. Schaeffer, his agency’s role in cryptography and its use across government, and particularly across DOD, is a never-ending assignment.

director of decision and security technologies for BBN Technologies Inc. BBN, a communications and security vendor in Cambridge, Mass., primarily works with the Defense Advanced Research Projects Agency.

“We have good crypto, and we’re using it,” Zatko says. “So the challenge is the interoperability and fields of use. You’re talking about devices all over the world operating a myriad of different systems over analog phone lines, X.25 links, asynchronous transfer mode or IP-based communications links, and trunk lines that vary widely between industrialized and Third World countries.”

Plus, users are never guaranteed what connection they’ll actually have for their encrypted communication. And they can’t have one type of crypto for each possible transmission method, so modern apps must scale to meet the changing demands, Zatko says.

This is why much of today’s CM work involves testing—to make sure encrypted communications don’t fail in different and changing communications environments along the message transport chain, Zatko says.

For instance, phone companies can introduce frequency notch filters to prevent certain tones from being transmitted to their switches, such as blocking the 2600-hertz tone that phreakers (telephone hackers) used in the 1990s for getting free calls. Similarly, telecommunications equipment might accidentally interpret some tones that crypto devices generate as signal tones and accidentally terminate the communications link, he adds.

In the Cloud
Much of the CM development moving forward is protection of data, audio and video over IP networks to support the Defense Department’s centralization of data across the Global Information Grid.

People liken the GIG—with its planned seamless, secure and interconnected information services for all of DOD, warfighters and office users alike—to a black core that connects everyone to everyone else, Zatko says. This creates new security problems and puts the emphasis on sound cryptography practices.

“The intelligence and Defense communities are in the business of protecting their data, and GIG gives access to all of this data,” Zatko says. “How do you do that without weakening your posture? Crypto plays a big role right off the bat.”

In the GIG’s conceptual environment, the analog voice networks and IP networks are carried out in clouds, rather than rigidly controlled satellite and ground transmission stations in the more rigid communications security model, says Jay Wack, CTO for TecSec Inc. of Vienna, Va.

“In these clouds, information can’t be controlled because it runs over public networks of routers, switches and addressing systems that send packets hither and yon to reassemble on the other side,” he says.

Furthering this loss of control is the use of commercial technologies to augment DOD’s mission-critical user requirements for GIG.

For the past 20 years, the government’s been agonizing over how to take advantage of all the developments in the commercial sector—software that can be riddled with flaws—and still protect its digital communications, says Fedde, whose company received NSA approval for development of a classified, Type 1 version of its 10-Gigabit SONET Encryptor device for classified IP traffic.

The problem of buggy, insecure software is one Schaeffer says he wishes vendors could fix—or at least do a better job of handling.

Without End
“The new network is one of ever-changing technology in which the number and volume of vulnerabilities continues to expand every day,” Schaeffer says. “What we need is for industry to improve the overall assurance of products and improve the security, safety and quality of software while also addressing many of the very open vulnerability issues that are discussed within the open-source community today.”

On the other hand, that same software, at least in the case of open-source cryptographic algorithms, has had time to develop and strengthen over its lifecycle, experts say. “Crypto Modernization is a validation of what the industry’s done well,” Fedde says.

Because of the evolving technology and threat landscape, Schaeffer sees no sunset date falling on DOD’s Crypto Modernization program. Instead, he sees CM continuing into the future as a “continuous role in the fielding of cryptography in national security systems.”

Unchanged Threats: Learn more by going to www.defensesystems.com and entering 132 in the Quickfind search box.

purchase reprint

link to this page